Red Hat Training

A Red Hat training course is available for Red Hat Satellite

12.3. Client System Preparation

Before your UNIX-based client systems benefit from Red Hat Network, they must be prepared for connection:
  1. Download and install gzip and required third-party libraries.
  2. Download the RHN application tarball from the Satellite to the client and install the contents.
  3. Next, deploy the SSL certificates required for a secure connection.
  4. Configure the client applications to connect to the RHN Satellite.
Once finished, your systems will be ready to begin receiving RHN updates. The following three section explain these steps in detail.

12.3.1. Download and Install Additional Packages

This section steps you through the process of downloading and installing third-party applications and the RHN applications from the Satellite onto the UNIX client.
Of primary importance is the Red Hat Update Agent for UNIX (up2date), which provides the link between your client systems and Red Hat Network. The UNIX-specific version of the Red Hat Update Agent is limited in functionality compared to its Linux counterpart but still enables system registration and facilitates package installs and patches. Refer to Section 12.4, “Registration and Updates” for a full description of the tool's options.

Note

It may be useful to enter the command bash when first logging into the Solaris client. If the BASH shell is available, it will make the system's behavior as Linux-like as possible.

12.3.1.1. Install Third-Party Packages

Installation of the RHN applications cannot proceed unless the following utility and libraries are present:
  • gzip
  • libgcc
  • openssl
  • zlib
The gzip utility is provided by the SUNWgzip package and may be downloaded from http://www.sunfreeware.com.
On recent versions of Solaris, the necessary libraries are provided by the following natively installed packages:
  • SUNWgccruntime
  • SUNWopenssl*
  • SUNWzlib
For older Solaris versions, the following required packages may be downloaded from http://www.sunfreeware.com:
  • SMClibgcc or SMCgcc
  • SMCossl
  • SMCzlib
To verify if a package is installed on the client, use the pkginfo command. For example, to check for a package that contains "zlib" in the name, run the following command: 
# pkginfo | grep zlib

Note

Solaris package archive names differ from the name of the installed package. For example, the package archive libgcc<version>-sol<solaris-version>-sparc-local.gz becomes SMClibgcc after installation

12.3.1.2. Configure the Library Search Path

In order to allow the Solaris client to use the libraries installed in the previous step, you must add their location to the library search path. To do so, first check the current library search path": 
# crle -c /var/ld/ld.config
Make a note of the current Default Library Path. Next, modify the path to also include the components shown below. Note that the -l option resets the value, rather than appending it, so if there already were values set on your system, prepend them to the -l parameter.
On sparc: 
 # crle -c /var/ld/ld.config -l /other/existing/path:/lib:/usr/lib:/usr/local/lib
On x86: 
# crle -c /var/ld/ld.config -l /other/existing/path:/lib:/usr/lib:/usr/local/lib:/usr/sfw/lib

12.3.1.3. Download RHN Client Packages

Download the appropriate tarball of packages from the /var/www/html/pub/ directory of your Satellite. If you are able to use a GUI web browser like Mozilla, navigate to the /pub directory of the Satellite and save the appropriate tarball to your client: 
http://your-satellite.example.com/pub/rhn-solaris-bootstrap-<version>-<solaris-arch>-<solaris-version>.tar.gz
If you must download the tarball from the command line, it should be possible to use ftp to transfer the file from the Satellite to the client.
Using gzip, decompress the tarball. You should have the following packages:
  • RHATpossl
  • RHATrcfg
  • RHATrcfga
  • RHATrcfgc
  • THATrcfgm
  • RHATrhnc
  • RHATrhnl
  • RHATrpush
  • RHATsmart
SMClibgcc and SMCosslg may also be included in the tarball.

12.3.1.4. Install the RHN Packages

Change to the uncompressed directory and use the UNIX variant's native installation tool to install each package. For example, on Solaris, use the pkgadd command. Answer "yes" to any prompts during package install.
Here is how a typical installation might proceed: 
# pkgadd -d RHATpossl-0.6-1.p24.6.pkg all 
# pkgadd -d RHATpythn-2.4.1-2.rhn.4.sol9.pkg all 
# pkgadd -d RHATrhnl-1.8-7.p23.pkg all 
...

Note

You may choose to use the -n of pkgadd, which runs the command in non-interactive mode. However, this may cause the installation of some packages to fail silently on Solaris 10.
Continue until each package is installed in the RHN-specific path: /opt/redhat/rhn/solaris/.

12.3.1.5. Include RHN Packages in the PATH

In order to make the RHN packages available at each login, you may wish to add them to your PATH. To do so, add these commands to your login script: 
# PATH=$PATH:/opt/redhat/rhn/solaris/bin 
# PATH=$PATH:/opt/redhat/rhn/solaris/usr/bin 
# PATH=$PATH:/opt/redhat/rhn/solaris/usr/sbin 
# export PATH
To enable access to the RHN client command man pages, add them to your MANPATH. To do so, add the following commands to your login script: 
 
# MANPATH=$MANPATH:/opt/redhat/rhn/solaris/man 
# export MANPATH
Alternatively, you can also access the man pages from the command line, with the following command: 
 
# man -M /opt/redhat/rhn/solaris/man <man page>
Finally, add the Red Hat Libraries to your PATH as you did with libgcc, openssl and zlib. 
crle -c /var/ld/ld.config -l <current library paths>:/opt/redhat/rhn/solaris/lib

12.3.2. Deploying Client SSL Certificates

To ensure secure data transfer, Red Hat strongly recommends the use of SSL. The RHN Satellite eases implementation of SSL by generating the necessary certificates during its installation. The server-side certificate is automatically installed on the Satellite itself, while the client certificate is placed in the /pub/ directory of the Satellite's Web server.
To install the certificate, follow these steps for each client:
  1. Download the SSL certificate from the /var/www/html/pub/ directory of the RHN Satellite onto the client system. The certificate will be named something similar to RHN-ORG-TRUSTED-SSL-CERT. It is accessible via the web at the following URL: https://your-satellite.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT.
  2. Move the client SSL certificate to the RHN-specific directory for your UNIX variant. For Solaris, this can be accomplished with a command similar to: 
     mv /path/to/RHN-ORG-TRUSTED-SSL-CERT /opt/redhat/rhn/solaris/usr/share/rhn/
When finished, the new client certificate will be installed in the appropriate directory for your UNIX system. If you have a large number of systems to prepare for RHN management, you may script this entire process.
Now you must reconfigure the RHN client applications to refer to the newly installed SSL certificate. Refer to Section 12.3.3, “Configuring the clients” for instructions.

12.3.3. Configuring the clients

The final step before registering your client systems with Red Hat Network is to reconfigure their RHN applications to use the new SSL certificate and obtain updates from the RHN Satellite. Both of these changes can be made by editing the configuration file of the Red Hat Update Agent, which provides registration and update functionality.
Follow these steps on each client system:
  1. As root, change to the RHN configuration directory for the system. For Solaris, the full path is /opt/redhat/rhn/solaris/etc/sysconfig/rhn/.
  2. Open the up2date configuration file in a text editor.
  3. Find the serverURL entry and set its value to the fully qualified domain name (FQDN) of your RHN Satellite: 
    serverURL[comment]=Remote server URL
serverURL=https://your-satellite.example.com/XMLRPC
  4. Ensure the application refers to the RHN Satellite even when SSL is turned off by also setting the noSSLServerURL value to the Satellite: 
     
noSSLServerURL[comment]=Remote server URL without SSL
noSSLServerURL=http://your-satellite.example.com/XMLRPC
  5. With the up2date configuration file still open, find the sslCACert entry and set its value to the name and location of the SSL certificate described in Section 12.3.2, “Deploying Client SSL Certificates”, for example: 
    sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/opt/redhat/rhn/solaris/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Your client systems are now ready for registration with Red Hat Network and management by your Satellite.